In computing systems, a vulnerability can be defined as a weakness in software, hardware, firmware, etc. that can be exploited to gain access to certain resources. The management of vulnerabilities includes the practice of identifying and classifying vulnerabilities in computing systems and removing them. A vulnerability for which a working and implemented attack is known can be described as an exploitable vulnerability. A vulnerability is exploitable from the time when it is introduced to when it is removed or patched.
Vulnerabilities can be relatively difficult to categorize and mitigate. The Common Vulnerability Scoring System (CVSS) provides a way to characterize or define the principal characteristics of a vulnerability. The CVSS also provides a numerical score that reflects the severity of various vulnerabilities. The numerical score can be presented as a qualitative representation (e.g., low, medium, and high risk) to help prioritize vulnerability management processes.
The drawings illustrate only example embodiments and are therefore not to be considered limiting of the scope of the embodiments described herein, as other embodiments are within the scope of the disclosure.